}
+void
+ngx_ssl_remove_cached_session(SSL_CTX *ssl, ngx_ssl_session_t *sess)
+{
+ SSL_CTX_remove_session(ssl, sess);
+
+ ngx_ssl_remove_session(ssl, sess);
+}
+
+
static void
ngx_ssl_remove_session(SSL_CTX *ssl, ngx_ssl_session_t *sess)
{
shm_zone = SSL_CTX_get_ex_data(ssl, ngx_ssl_session_cache_index);
+ if (shm_zone == NULL) {
+ return;
+ }
+
cache = shm_zone->data;
id = sess->session_id;
ngx_int_t ngx_ssl_create_connection(ngx_ssl_t *ssl, ngx_connection_t *c,
ngx_uint_t flags);
+void ngx_ssl_remove_cached_session(SSL_CTX *ssl, ngx_ssl_session_t *sess);
ngx_int_t ngx_ssl_set_session(ngx_connection_t *c, ngx_ssl_session_t *session);
#define ngx_ssl_get_session(c) SSL_get1_session(c->ssl->connection)
#define ngx_ssl_free_session SSL_SESSION_free
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"client SSL certificate verify error: (%l:%s)",
rc, X509_verify_cert_error_string(rc));
+
+ ngx_ssl_remove_cached_session(sscf->ssl.ctx,
+ (SSL_get0_session(c->ssl->connection)));
+
ngx_http_finalize_request(r, NGX_HTTPS_CERT_ERROR);
return;
}
{
ngx_log_error(NGX_LOG_INFO, c->log, 0,
"client sent no required SSL certificate");
+
+ ngx_ssl_remove_cached_session(sscf->ssl.ctx,
+ (SSL_get0_session(c->ssl->connection)));
+
ngx_http_finalize_request(r, NGX_HTTPS_NO_CERT);
return;
}
projects / nginx.git / commitdiff